Exam Questions (6.2) 07 ❀ FortiManager ❀ Fortinet Network Security Expert NSE 5
Posted meigang2012
Refer to the following exhibit:
Which of the following statements are true based on this configuration? (Choose two.)
A. The same administrator can lock more than one ADOM at the same time
B. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
C. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
D. Unlocking an ADOM will install configuration automatically on managed devices
[Analysis]
When an ADOM is locked and the connection to FortiManager closes unexpectedly (a PC crash or the browser being closed), the ADOM stays locked until the administrator session times out or the session is deleted.
[Answer] A B
Which two statements are correct regarding recovery logic used by FortiGate-FortiManager (FGFM) protocol when a configuration install is performed from the FortiManager to the managed FortiGate? (Choose two)
A. FortiGate devices receive set and unset commands for each configuration change FortiManager sends.
B. FortiGate writes configuration changes to the configuration file, it then tests communication to the FortiManager via the FGFM protocol.
C. FortiGate applies configuration changes to the running configuration, it then tests communication to the FortiManager via the FGFM protocol.
D. FortiGate will shutdown if configuration changes render FortiManager unreachable via the FGFM protocol.
[Analysis]
When changes are applied, FortiGate applies the set commands in memory only, without writing them to the configuration file, and then tests the FGFM connection to FortiManager. If the connection remains down and allowing a rollback reboot is enabled on FortiManager, FortiGate reboots to restore the previous configuration from its configuration file.
[Answer] A C
Which two items are included in the FortiManager backup? (Choose two.)
A. FortiGuard database
B. Global database
C. Logs
D. All devices
[Analysis]
The FortiManager backup contains everything except the logs, the FortiGuard cache, and firmware images.
[Answer] B D
An administrator would like to create an SD-WAN using central management in the Training ADOM.
To create an SD-WAN using central management, which two steps must be completed? (Choose two.)
A. Specify a gateway address when you create a default SD-WAN static route
B. Enable SD-WAN central management in the Training ADOM
C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings
D. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces
[Analysis]
The first step in creating an SD-WAN with FortiManager is to enable SD-WAN central management in the ADOM.
If an interface that is to be used as an SD-WAN member is currently referenced by a firewall policy, the associated firewall policy must be deleted before the interface can be assigned as an SD-WAN member.
[Answer] B D
Refer to the exhibit. Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
A. It allows two or more administrators to make configuration changes at the same time, in the same ADOM.
B. It disables concurrent read-write access to an ADOM.
C. It allows the same administrator to lock more than one ADOM at the same time.
D. It is used to validate administrator login attempts through external servers.
[Analysis]
You can use the CLI or the GUI to enable workspace mode and prevent concurrent ADOM access.
[Answer] B C
As a result of enabling FortiAnalyzer features on FortiManager, which of the following statements is true?
A. FortiManager will reboot
B. FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
C. FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
D. FortiManager can be used only as a logging device.
[Analysis]
When the FortiAnalyzer feature set is enabled on FortiManager, FortiManager reboots.
[Answer] A
What are the factory default settings on FortiManager? (Choose three.)
A. Username is admin
B. Password is fortinet
C. FortiAnalyzer features are disabled
D. Reports and Event Monitor panes are enabled
E. port1 interface IP address is 192.168.1.99/24
[Analysis]
When logging in to the FortiManager management interface for the first time, enter https://<factory default IP address> in the browser. Once the login screen appears, log in with the factory default administrator credentials. The default credentials are the username admin and a blank password.
By default, FortiAnalyzer features are disabled and the FortiAnalyzer panes are hidden.
[Answer] A C E
View the following exhibit:
How will FortiManager try to get updates for antivirus and IPS?
A. From the list of configured override servers with ability to fall back to public FDN servers
B. From the configured override server list only
C. From the default server fds1.fortinet.com
D. From public FDN server with highest index number only
[Analysis]
If you set the server override mode to loose, FortiManager first tries to get updates from the list of configured servers; if they are unavailable, FortiManager falls back to other public FDS servers for updates.
[Answer] A
Which statement correctly names the Administrative Domains modes supported on FortiManager?
A. Normal and Analyzer
B. Backup and Analyzer
C. Normal, Backup, and Collector
D. Normal and Backup
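[Analysis]
When configuring an ADOM, you can choose between two modes: normal mode or backup mode. In normal mode, you can make configuration changes to the ADOM and the managed devices. The main purpose of backup mode is to back up configuration changes made directly on the managed devices.
[Answer] D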
Refer to the exhibits. An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed.
What can be the main reason for these unset commands?
A. The DNS addresses in the default system settings are the same as the Training system template
B. The Training system template has other default settings
C. The ADOM is locked by another administrator
D. The Training system template does not have assigned devices
[Analysis]
[Answer] B